Training

ISO27001 Implementation Training (BTRWatch Simulated)

The cost of information security consists of the sum of security expenditures and the costs of security incidents. There is an inverse relationship between the costs of security expenditures and security incidents. However, if the expenditures are not made to priority areas the security events might not be reduced to the maximum amount. This in turn results in a sub-optimal allocation of security resources.

ISO27001 is a management system standard that supports the handling and management of information security problems. It is an increasingly popular standard as it is subject to certification, required by regulators, and commonly required during the procurement processes for services which involves information sharing with the service provider.

ISO27001 Implementation Training aims to provide the participants with the competence to implement an information security management system in accordance with the requirements of ISO27001 standard with a proven and effective method.

Exercises to be performed during the training will be performed on our BTRWatch Information Security Management System solution and participants will gain practical experience in implementing the management system.

iso27001

Training Details

Information security controls in ISO27002 document will be discussed during the training. However, it is useful for participants to have a basic knowledge of fundamental information security controls.

  • Continuous improvement approach
    • Plan
    • Do
    • Check
    • Act
  • Critical activities and resources for an effective management system
    • Determination of management system objectives in support of the objectives of the organization
      • Determination of the external requirements of the organization
      • Determination of the internal requirements of the organization
    • Management support
      • Management approval of the planning results and support for necessary resources
      • Management review process
    • Audit
      • Periodic audit of the management system for objective review
      • Key features of the audit team
    • Implementing the corrective actions for continuous improvement
      • Corrective action planning
      • Follow-up of corrective actions and assessment of whether they have achieved their goals
    • Communication of management system rules and results
      • Adoption of management system culture
      • Periodic awareness trainings
    • Integration among the management system processes
      • Integration of incident management and planning processes
      • Integration of planning and internal audit processes
      • Integration of corrective action and internal audit processes
    • Document and records management discipline
      • Establishing a policy and procedure culture
      • Creating the necessary records for monitoring the effectiveness of the management system and implementing the records access controls
    • Information security needs
      • Confidentiality
      • Integrity
      • Availability
      • Non-repudiation
      • Strong authentication
    • Understanding the services and products of a sample organization (the activities of the sample organization is determined in accordance with the participant profile)
    • Determination of external and internal information security requirements for a sample organization (with BTRWatch simulation)
    • ISO27001 standard requirements
      • Organizational requirements
      • Leadership
      • Planning
      • Support
      • Operation
      • Performance evaluation
      • Continuous improvement
    • Fundamental risk assessment concepts
      • Information asset
      • Threat
      • Vulnerability
      • Risk
      • Risk formula
    • Risk assessment and identification of critical information assets for a sample organization (with BTRWatch simulation)
      • Identification of the applicable ISO27002 controls
      • Explanation of ISO27002 controls and assignment of them to the risk assessors
        • Information security policies
        • Organization of information security
        • Human resource security
        • Asset management
        • Access management
        • Cryptography
        • Physical and environmental security
        • Operational security
        • Communication security
        • System procurement, development and maintenance
        • Third party management
        • Information security incident management
        • Information security issues related to business continuity
        • Compliance
      • Risk assessment for ISO27002 controls with interview and document review methods
      • Selection of risk response strategies
      • Drafting the statement of applicability
    • Preparation and implementation of risk treatment plan
      • Information security processes
        • Definition of the process according to ISO approach
        • What should be the level of documentation for controls
      • Information security infrastructure
        • Examples of security configurations that reduce information security risks
        • Examples of security solutions that reduce information security risks
      • Human-oriented information security controls
        • Awareness trainings
        • Definition of security roles and responsibilities, security trainings
        • Establishment of organizational structure
      • Identification and creation of corrective actions (with BTRWatch simulation)
      • Identification of residual risks and approval by management (with BTRWatch simulation)
    • Continuous monitoring of the effectiveness of information security controls
    • Management of information security incidents and vulnerabilities (with BTRWatch simulation)
      • Creating incident, weakness, requirement records
      • Creating corrective actions
    • Internal audit of information security management system (with BTRWatch simulation)
      • Audit of ISO27001 requirements
      • Review of completed corrective actions to achieve their objectives
      • Selection and audit of information security controls to be audited
      • Creating corrective actions for nonconformities determined as a result of internal audit
    • Performing the management review activity
      • Creating requirement records in accordance with the management review outcomes (with BTRWatch simulation)
      • Generating corrective actions for requirement records (with BTRWatch simulation)
    • Refresh risk assessment (with BTRWatch simulation)
      • Carrying the risk assessment scenarios to the next period according to the implementation status of the corrective actions
      • Identification of new risks
      • Planning risk response strategies and corrective actions
    • External audit process and maintenance of information security management system
      • Scope, methods and timing of certification audit
      • Periodic and continuous ISMS activities to be fulfilled

Duration: 3 Days

Location: Istanbul

  • All participants are entitled to CERTIFICATE OF PARTICIPATION
  • Participants who successfully complete the assessment exam / CTF cases are entitled to TRAINING CERTIFICATION